
IT miscellaneous.


Mikorist


  ...* Bionic update to v4.14.11 stable release (LP: #1741061)
    - tracing: Remove extra zeroing out of the ring buffer page
    - tracing: Fix possible double free on failure of allocating trace buffer
    - tracing: Fix crash when it fails to alloc ring buffer
    - x86/cpufeatures: Add X86_BUG_CPU_INSECURE
    - x86/mm/pti: Disable global pages if PAGE_TABLE_ISOLATION=y
    - x86/mm/pti: Prepare the x86/entry assembly code for entry/exit CR3 switching
    - x86/mm/pti: Add infrastructure for page table isolation
    - x86/pti: Add the pti= cmdline option and documentation
    - x86/mm/pti: Add mapping helper functions
    - x86/mm/pti: Allow NX poison to be set in p4d/pgd
    - x86/mm/pti: Allocate a separate user PGD
    - x86/mm/pti: Populate user PGD
    - x86/mm/pti: Add functions to clone kernel PMDs
    - x86/mm/pti: Force entry through trampoline when PTI active
    - x86/mm/pti: Share cpu_entry_area with user space page tables
    - x86/entry: Align entry text section to PMD boundary
    - x86/mm/pti: Share entry text PMD
    - x86/mm/pti: Map ESPFIX into user space
    - x86/cpu_entry_area: Add debugstore entries to cpu_entry_area
    - x86/events/intel/ds: Map debug buffers in cpu_entry_area
    - x86/mm/64: Make a full PGD-entry size hole in the memory map
    - x86/pti: Put the LDT in its own PGD if PTI is on
    - x86/pti: Map the vsyscall page if needed
    - x86/mm: Allow flushing for future ASID switches
    - x86/mm: Abstract switching CR3
    - x86/mm: Use/Fix PCID to optimize user/kernel switches
    - x86/mm: Optimize RESTORE_CR3
    - x86/mm: Use INVPCID for __native_flush_tlb_single()
    - x86/mm: Clarify the whole ASID/kernel PCID/user PCID naming
    - x86/dumpstack: Indicate in Oops whether PTI is configured and enabled
    - x86/mm/pti: Add Kconfig
    - x86/mm/dump_pagetables: Add page table directory to the debugfs VFS
      hierarchy
    - x86/mm/dump_pagetables: Check user space page table for WX pages
    - x86/mm/dump_pagetables: Allow dumping current pagetables...

4.15 has already got that...

With a good FW and the rest, all of this is, after all, defensible, even before the patches...

FUD is always present...

Link to comment

Here he is, the GURU has spoken up

Quote

Why is this all done without any configuration options?

A *competent* CPU engineer would fix this by making sure speculation
doesn't happen across protection domains. Maybe even a L1 I$ that is
keyed by CPL.

I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

.. and that really means that all these mitigation patches should be
written with "not all CPU's are crap" in mind.

Or is Intel basically saying "we are committed to selling you shit
forever and ever, and never fixing anything"?

Because if that's the case, maybe we should start looking towards the
ARM64 people more.

Please talk to management. Because I really see exactly two possibilities:

 - Intel never intends to fix anything

OR

 - these workarounds should have a way to disable them.

Which of the two is it?

                   Linus
 

 

https://lkml.org/lkml/2018/1/3/797

Link to comment

Risk Assessment

Based on the analysis performed by this tool: This system is not vulnerable.

For more information refer to the INTEL-SA-00086 Detection Tool Guide or the Intel Security Advisory Intel-SA-00086 at the following link: https://www.intel.com/sa-00086-support

INTEL-SA-00086 Detection Tool

Application Version: 1.0.0.152
Scan date: 05.01.2018 16:47:57

Link to comment

12 minutes ago, skrstic said:

This system is not vulnerable.

 

And you trust Intel? :rofl:

Look at my previous post, at what Linus says :baby:

 

33 minutes ago, Mikorist said:

I think somebody inside of Intel needs to really take a long hard look
at their CPU's, and actually admit that they have issues instead of
writing PR blurbs that say that everything works as designed.

 

Link to comment

As more than once before, despite all his excellent decisions, Linus, by picking a fight, is scolding himself too, because, let's put it that way, with decisions he made recently he had a hand in what is happening now. Yes, chances are he could not have seen what was around the bend, but... ;) Hats off to him, but this only proves that even the best drivers cannot foresee some bends... He is usually angriest when he is angry at himself.. ;)

Link to comment

4 hours ago, Mikorist said:

And you trust Intel? :rofl:

Look at my previous post, at what Linus says :baby:

Should I quote myself, or repeat it: CIA, sister-in-law NSA...

Do you really think it wasn't put there by design at Intel so that you can access everything? Someone figured it out by accident or, more likely, someone from the services published it. Everything goes through Intel servers, after all. The whole internet, and through it all communications.

Link to comment

18 hours ago, zika said:

Hats off to him, but this only proves that even the best drivers cannot foresee some bends.

If he doesn't know how the kernel works and what needs to be patched, then who does?

(leaving his character aside - he can be difficult)

He still claims that CPL is needed in order to prevent Meltdown from reading the JIT from JS in a web browser...

And the principle is the same on all operating systems at the low level. :)

Link to comment

And here is why Linus got stuck on PCL - (The Performance Counter Library)

NOW (patched): (RAW_DATA + ENCRYPT_DATA) > Processor > STORE_ENCRYPTED_DATA > Processor, then when requested, (DECRYPT_DATA + CHECK_DATA) > Processor > ERASE_DATA_FROM_RAM > Processor.

Each time, the processed data gets bigger and bigger - causing a slowdown of 30 to 45%

BEFORE (without patch): (RAW_DATA) > Processor > ENCRYPT_DATA > Processor > STORE_DATA > Processor, then when requested, DECRYPT_DATA > Processor > CHECK_DATA > Processor > ERASE_DATA > Processor.

Link to comment
